Requirements specification: Encryption should be a requirement of systems that transmit data.

Design: Encryption should be designed into the system at the architectural and design phases

Platform

Languages: Any

Operating platform: Any

Required resources

Any

Severity

High

Likelihood of exploit

Very High

Omitting the use of encryption in any program which transfers data over a network of any kind should be considered on par with delivering the data sent to each user on the local networks of both the sender and receiver.

Worse, this omission allows for the injection of data into a stream of communication between two parties - with no means for the victims to separate valid data from invalid.

In this day of widespread network attacks and password collection sniffers, it is an unnecessary risk to omit encryption from the design of any system which might benefit from it.